216.73.217.98

CVE-2026-42994

· Published 01/05/2026 05:16 · Modified 01/05/2026 15:33

Labels: CVE-2026-42994 2026-05-01CVE-2026-42994CWE-78[email protected]

Essential information

Published
01/05/2026 05:16
Modified
01/05/2026 15:33
Author
Creator
CVSS
8.8 HIGH (v3) 8.8 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
bitwarden / bitwarden cli cpe:2.3:a:bitwarden:bitwarden_cli:2026.4.0:*:*:*:*:*:*:*

References